Re: File upload in HTML forms

Daniel W. Connolly (connolly@hal.com)
Sat, 08 Oct 1994 00:04:36 -0500


In message <" 7-Oct-94 21:11:26 PDT".*.Ernesto_Nebel.SD@Xerox.com>, Ernesto_Neb
el.SD@xerox.com writes:
>I hope it'll be possible to see a TYPE "file" added to the HTML INPUT tag and to
>have browser support for this new type as soon as possible. (No changes to
>HTTP required).

I seem to recall that the proposal involved HTTP clients kinda acting
like servers, in that certain content types were supposed to trigger
the client into sending files.

This seems like an HTTP protocol change to me.

And what of security? What's to stop a server from responding with

Content-Type: application/file-upload-request

/etc/passwd

Hmmm.. it seems like the client should remember what files it told the
server that it wanted to upload. Now you've got implicit state between
transactions. How long does the client wait for the server to respond
before throwing the state away?

(I'm afraid I'm asking questions that have been covered, but I
can't seem to find a copy of the proposal. The BOF announcement,
for example, doesn't have a link to it.)

Dan